Analysis
- max time kernel: 133s
- max time network: 177s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 05-07-2024 01:52
Static task: static1
Behavioral task: behavioral1
- Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5.apk
- Size: 574KB
- MD5: 82267a649aa0a1dbaea09a422f292fdf
- SHA1: f24dd169c52754e21d261e173327313ad66518ca
- SHA256: d75f907f12aa1c8b3b48c58ae65a23d9c7f7de2e06badb122c625d2916a3a0b5
- SHA512: 0ec7a1a74d98274c984506119fb3c8faefb6c530995f3b667b0658b30dda9ced5b9200a3b2df9addffdefe1605e6ea58042389af99b2f30def7c5417b96bf93a
- SSDEEP: 12288:aNSDw+uaAoPekatn0k661r5lMZRgJtxgKH3obMITiyLU4:XDu+ex0k661tlYctxJgg4
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 2 IoCs
  Processes: com.cover.the.dumb.roll:Metrica
  ioc: /sbin/su | process: com.cover.the.dumb.roll:Metrica
  ioc: /system/app/Superuser.apk | process: com.cover.the.dumb.roll:Metrica
- Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about active data network 1 TTPs 1 IoCs
  Processes: com.cover.the.dumb.roll
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.cover.the.dumb.roll
- Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  Processes: com.cover.the.dumb.roll
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.cover.the.dumb.roll
- Reads information about phone network operator. 1 TTPs
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  Processes: com.cover.the.dumb.roll, com.cover.the.dumb.roll:Metrica
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.cover.the.dumb.roll
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.cover.the.dumb.roll:Metrica
- Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.cover.the.dumb.roll:Metrica
  description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | process: com.cover.the.dumb.roll:Metrica
- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  Processes: com.cover.the.dumb.roll:Metrica
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.cover.the.dumb.roll:Metrica
- Checks CPU information 2 TTPs 1 IoCs
- Checks memory information 2 TTPs 1 IoCs
Processes
com.cover.the.dumb.roll 1
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
com.cover.the.dumb.roll:Metrica 1
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Downloads
- /data/data/com.cover.the.dumb.roll/files/m
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/files/m
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/credentials.dat
  Filesize: 226B
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll
  Filesize: 36KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 8KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180
  Filesize: 36KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 512B
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 8KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 8KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/db_metrica_com.cover.the.dumb.roll_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 20KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 44KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 12KB
- /data/data/com.cover.the.dumb.roll/no_backup/metrica_client_data.db-journal
  Filesize: 12KB